Specialized content distributors deliver much of the digital content that is consumed over the Internet. Content providers create the content and offload it to the content distributor for large scale delivery to end users located throughout the world. The content distributor manages the infrastructure and capacity needed to deliver different content provider content, thereby allowing the content providers to focus on content creation.
A content delivery network (CDN) is an example of a content distributor that delivers content on behalf of different content providers. The CDN provides additional benefits including optimizing and securing content delivery. By distributing the content of several content providers from the same infrastructure, CDNs and other such content distributors, become more frequent targets of network based attacks. Successful attacks on a CDN could have wide spread impact affecting multiple content providers as well as the numerous end users that receive content from the CDN.
One such attack involves fooling the CDN or content distributor with seemingly valid security certificates in order to make the CDN think that the attacker is a particular content provider CDN customer that has content offloaded to the CDN for delivery. In fraudulently emulating the particular content provider, the attacker replaces the actual customer's original content on the CDN with fraudulent content. Thereafter, whenever the customer's content is requested from the CDN, the CDN unknowingly distributes the fraudulent content instead.
FIG. 1 illustrates how such an attack can be carried out. The attack is initiated when a user 110 submits (at 170) a request for content to a CDN or content distribution server 120 and the server 120 does not have a locally cached copy of the requested content. The server 120 attempts to establish a secure connection with and forward (at 175) the request to a content provider 130 originating the requested content, in order to retrieve a copy of the valid content.
The connection or forwarded request is intercepted by a third party 140. In this figure, the third party 140 uses a compromised or misconfigured router 150 to intercept (at 180) or redirect the request to the third party 140. The router 150 could also be a firewall. The third party 140 also uses a compromised certificate authority to issue or sign a seemingly valid certificate 160 fraudulently verifying the third party 140 identity as the content provider 130.
In response to the intercepted request, the third party 140 sends (at 185) the seemingly valid certificate 160 with the fraudulent content to the server 120, thereby fooling the CDN or content distributor into thinking it is receiving valid content from the content provider 130. The server 120 then serves (at 190) the fraudulent content to the user 110 in response to the user request. The server 120 may also cache a copy of the fraudulent content to provide to other users that subsequently request the content provider's 130 content from the server 120. This would then propagate the fraudulent content to an even greater number of users.
Similar attacks can be used to hijack and replace content passed by the CDN to end users. In such situations, the end users believe they are receiving content from the CDN, when in fact, the content is being provided by a third party that appears to be the CDN by way of fraudulent security certificates.
There is therefore a need to improve CDN security. To verify authenticity of content received by the CDN, there is a need to not only verify the sender's identity with a security certificate, but also the identity of the certificate authority issuing the certificate and assuring the sender's identity. Such verification is also needed for content the CDN sends to end users in order to ensure that the end users are in fact receiving content sent from the CDN and not an intercepting third party.